Forensig²: File System Images for Training Courses in Forensic Computing

Overview

The Forensic Image Generator Generator is a system that allows to produce file system images for training courses in forensic computing. The instructor can “program” certain user behavior (like copying files and deleting them) in a script file which is then executed by the system using a combination of Python and Qemu. The result is a file system image that can be analysed by students within exercises on forensic computing. The analysis results of the students can then be compared with the “truth” encoded in the input script. The system therefore allows to easily generate large numbers of artificial but still challenging images without the privacy concerns of, for example, using and analysing second hand hard disks. The system was built by Christian Moch as part of his diploma thesis. Publications